PT-2023-9710 · Linux+3 · Linux Kernel+3

Syzbot

Publicado

2023-10-02

Atualizado

2025-02-03

CVE-2023-52786

CVSS v3.1

4.7

Média

Vetor

AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The issue is related to a racy may inline data check in dio write, which can cause a denial of service. The problem occurs when the check for existing inline data and the state flag can span a lock cycle, allowing another writer to create inline data before the dio write task acquires the lock. The ext4 dio write iter() function checks the current inline state of the inode and clears the MAY INLINE DATA state flag to either fall back to buffered writes or enforce that any other writers in progress on the inode are not allowed to create inline data.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Improper Locking

Race Condition

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-667CWE-362

Identificadores relacionados

BDU:2024-10216

CVE-2023-52786

SUSE-SU-2024:2571-1

SUSE-SU-2024:2896-1

SUSE-SU-2024:2973-1

SUSE-SU-2025:20008-1

SUSE-SU-2025:20028-1

Produtos afetados

Astra Linux

Linux Kernel

Red Os

Suse

PT-2023-9710 · Linux+3 · Linux Kernel+3

CVE-2023-52786

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 1927